On Election Security, Feds Flounder While States Make Strides

Trump’s “election integrity” commission has sucked all the air out of the room, but the real work of securing the nation’s voting system is happening far outside the Beltway.

The debate over the Russian election interference and American election security is a case study in the utter dysfunctionality of Beltway politics. By contrast, a number of states have already embarked on practical, problem-solving innovations in securing the ballot in future elections.

On the national stage, President Trump’s “election integrity” commission has careened from one controversy to another, taking steps that actually threaten to undermine ballot security. Outside the spotlight, state election officials are quietly taking steps to respond to the Russian threat and upgrade American election systems with better machines, more accurate voter rolls, and firewalls against hacking.

The state-level picture is not all rosy, of course, and plenty of Republican statehouses have moved in the wrong direction with ill-advised voting restrictions that threaten to keep voters from the polls. But when it comes to the Russia threat, many state administrators have managed to tune out the political bickering and pursue public-private collaborations that involve federal officials, academics, cybersecurity experts, and even tech giants like Google and Facebook. Consider:

Colorado will soon become the first state to roll out a statewide election security measure known as a “risk limiting” audit, a type of post-election audit that cross checks a sampling of paper records against electronic vote tallies, and that is considered the gold standard among cybersecurity experts.

Rhode Island has increased its information technology staff by 40 percent, recently convened a cybersecurity summit for more than 100 municipal election officials, and has started implementing automatic voter registration to improve the accuracy of its voter rolls. The Rhode Island legislature has also approved a new requirement for risk-limiting election audits in that state.

Virginia has decertified all its paper voting machines, and is replacing them with new systems that facilitate audits by creating a voter-verifiable paper trail. The state has also created a new position for a digital security expert and has upgraded its software system.

Helping facilitate such efforts is the Election Assistance Commission, the federal agency created by the 2002 Help America Vote Act. The EAC, which marks its 15th year in existence this month, and which Republicans have repeatedly tried to defund and shutter, is coming into its own after a bumpy history that included a stretch without a single commissioner on board.

EAC officials are working closely with the National Conference of State Legislatures, and with a “Defending Digital Democracy” project launched in July at Harvard University’s Belfer Center for Science and International Affairs, to bring election officials together with tech experts, business leaders and other election stakeholders. Facebook and Google, under fire and possibly facing new regulations for their role facilitating Russian disinformation campaigns, are among those advising state election officials on how to guard against the types of threats they daily face.

“We can’t just ask local election officials to protect their systems on their own, or state officials to protect their systems on their own,” says EAC chairman Matthew Masterson. “It has to come from local, state, federal, the private sector as well as academia. It’s all part of a coordinated response.”

One outcome of the Belfer project will be a playbook for how to improve cybersecurity, using simulations not unlike those conducted by national security officials. The EAC has also been working with the Department of Homeland Security, which in January declared the nation’s election systems part of the nation’s critical infrastructure, to facilitate communication with the states. Many state election administrators were irate to learn only after the fact the details of Russian hacking efforts that had been known to intelligence officials for months.

The EAC and the National Institute of Standards and Technology also recently announced the first new technical standards in more than a decade to guide voting machine manufacturers. These voluntary standards have already been embraced by all but three states, and are expected to be finalized by early next year. States are in desperate need of new technologies as their voting machines, many purchased with HAVA money 15 years ago, near obsolescence.

The challenge for state and local election officials, as always, is how to pay for it all.

The challenge for state and local election officials, as always, is how to pay for it all. HAVA came with a $4 billion federal assist. The Trump administration not only has no plans to boost state funding, but is actively undermining the states. The Trump “voter integrity” commission continues to demand vast amounts of voter data from the states, despite lawsuits that contend the demand violates privacy laws in many states, and puts voter information at risk.

Under fire from its inception, the Trump commission has now been roiled by the arrest of a staff member on charges of possessing child pornography, and increasingly loud complaints from two of its Democratic members that the commission has failed to inform them of what it’s doing, when it will release its report, and even when it will next meet. There’s also new evidence that a voter database masterminded by the commission’s vice chairman, Kansas Secretary of State Kris Kobach, is riddled with errors and subject to security risks.

The states have no silver bullet to secure American elections. But at least state and local officials are making a good-faith effort to ensure the sanctity of the vote. The same can’t be said of their federal counterparts.